In answer to the question can medical records be subpoenaed; the answer is yes because every type of record can be subpoenaed. Possibly a more relevant question would be “how should healthcare providers respond to a subpoena for medical records”? In most states, there are three types of subpoenas – a “witness subpoena” that requires… Read More »
Lubbock Heart & Surgical Hospital in Texas has recently announced it was the victim of a hacking incident that resulted in disruption to the operations of some of its IT systems. The cyberattack was detected by the hospital on July 12, 2022, and immediate action was taken to contain the incident and prevent further unauthorized… Read More »
One of the capabilities of many business password managers is the ability to send encrypted messages to any recipient. Often this capability is used to securely share login credentials or other confidential data. But is it okay to share ePHI via a business password manager? Over the past few years, the capabilities of business password… Read More »
The Physicians’ Spine and Rehabilitation Specialists of Georgia (PSRSG) has notified 38,765 patients that some of their protected health information has potentially been compromised in a cyberattack that occurred on or around July 11, 2022. A team of external cybersecurity experts was engaged to assist with the investigation and remediation efforts, and its systems were… Read More »
What happens after a HIPAA complaint is filed can vary according to who it is filed with, whether or not the complaint is justified, and the nature of the complaint. When you register with a healthcare provider or become a member of a group health plan, you are given a Notice of Privacy Practices. The… Read More »
The ISO 27001 standard is currently being updated and the latest version is due for publication next month. The early indications are that, although the control domains will be significantly revised, there are only minor changes expected to the ISO 27001 password management controls. The ISO 27001 standard is an international information security standard jointly… Read More »
Some of the biggest fines for HIPAA violations have been for failing to comply with the medical records destruction rules. Consequently, it is vital Covered Entities and Business Associates are aware how to destruct medical records compliantly. Each state has its own requirements for retaining medical records; and, in some cases, certain types of medical… Read More »
The Ohio law firm, Bricker & Eckler LLP, has agreed to settle a class action data breach lawsuit filed on behalf of individuals affected by a 2021 ransomware attack on the firm. Bricker & Eckler is a full-service law firm that serves many healthcare clients. The breach investigation confirmed that sensitive patient data was copied… Read More »
For the third successive month, the number of healthcare data breaches reported to the Department of Health and Human Services’ Office for Civil Rights has fallen, with 49 breaches of 500 or more records reported in August– well below the 12-month average of 58 breaches per month. The 25.75% percentage decrease from July 2022 was… Read More »
The New York Ambulance Service, Empress EMS (Emergency Medical Services), has confirmed it was the victim of a ransomware attack. The attack was detected on July 14, 2022, and resulted in files on certain systems being encrypted. According to the company’s website notification, steps were immediately taken to contain the incident and third-party forensics experts… Read More »